
Save register address to a variable in Auto Assemble to revert the values when disabling

Posted: Mon Jan 22, 2018 12:08 pm
by mdnpascual
How do I get a register address in auto assemble to a variable so I can properly revert the values I've modified?

I have code that looks like this:

Code:

code:
  mov [edi+40], 0x3c23d70a  //orig: 0.4
  mov [edi+50], 0x41400000  //orig: 6
  fstp dword ptr [edi+60]
  mov [edi+60], 0 //orig: 1.6
  fld dword ptr [edi+60]
  lea eax,[ebp-00000160]
  jmp return
The original auto assembled one was only meant to change [edi+60], but since I found some relevant values around [edi+60], I also modified them here.

How do I store the value of [edi] so I can disable the cheat properly by reverting those values previously(edi+40 and +50)?

Re: Save register address to a variable in Auto Assemble to revert the values when disabling

Posted: Mon Jan 22, 2018 1:59 pm
by Blayde
mdnpascual wrote:
Mon Jan 22, 2018 12:08 pm
How do I store the value of [edi] so I can disable the cheat properly by reverting those values previously(edi+40 and +50)?
Can you post your script with original values ?
You can also just find a pointer to [edi+40].

Re: Save register address to a variable in Auto Assemble to revert the values when disabling

Posted: Mon Jan 22, 2018 2:19 pm
by mdnpascual
I found a thread on the old Cheat Engine forums where apparently I can create a variable dynamically and use it as long as I allocate memory for it. I removed all but one address where I want to revert its value, but when I tried it, it still won't disable.
Blayde wrote:
Mon Jan 22, 2018 1:59 pm
mdnpascual wrote:
Mon Jan 22, 2018 12:08 pm
How do I store the value of [edi] so I can disable the cheat properly by reverting those values previously(edi+40 and +50)?
Can you post your script with original values ?

Code:

[ENABLE]

registersymbol(edipointer)

aobscan(AccANDrange,D9 47 60 8D 85 A0 FE FF FF 83 EC 04 D9 1C 24 83 EC 08) // should be unique
alloc(newmem,$2048)
alloc(edipointer,$4)

label(code)
label(return)

newmem:

code:
  mov [edipointer],edi
  ////////
  mov [edi+50], 0x41400000  //orig: 6
  mov [edi+60], 0 //orig 1.6
  fld dword ptr [edi+60]
  lea eax,[ebp-00000160]
  jmp return

AccANDrange:
  jmp newmem
  nop
  nop
  nop
  nop
return:
registersymbol(AccANDrange)

[DISABLE]

mov [edipointer+50], 0x40c00000
AccANDrange:

  db D9 47 60 8D 85 A0 FE FF FF


unregistersymbol(edipointer)
unregistersymbol(AccANDrange)
dealloc(newmem)
dealloc(edipointer)

{
// ORIGINAL CODE - INJECTION POINT: 1CDB45BD

""+1CDB4597: 89 08                          -  mov [eax],ecx
""+1CDB4599: 8B 8D DC FE FF FF              -  mov ecx,[ebp-00000124]
""+1CDB459F: 89 48 04                       -  mov [eax+04],ecx
""+1CDB45A2: 8B 8D E0 FE FF FF              -  mov ecx,[ebp-00000120]
""+1CDB45A8: 89 48 08                       -  mov [eax+08],ecx
""+1CDB45AB: 8D 85 E4 FE FF FF              -  lea eax,[ebp-0000011C]
""+1CDB45B1: 83 EC 0C                       -  sub esp,0C
""+1CDB45B4: 50                             -  push eax
""+1CDB45B5: E8 66 12 FF FF                 -  call 1CDA5820
""+1CDB45BA: 83 C4 0C                       -  add esp,0C
// ---------- INJECTING HERE ----------
""+1CDB45BD: D9 47 60                       -  fld dword ptr [edi+60]
""+1CDB45C0: 8D 85 A0 FE FF FF              -  lea eax,[ebp-00000160]
// ---------- DONE INJECTING  ----------
""+1CDB45C6: 83 EC 04                       -  sub esp,04
""+1CDB45C9: D9 1C 24                       -  fstp dword ptr [esp]
""+1CDB45CC: 83 EC 08                       -  sub esp,08
""+1CDB45CF: 8B 8D E4 FE FF FF              -  mov ecx,[ebp-0000011C]
""+1CDB45D5: 89 0C 24                       -  mov [esp],ecx
""+1CDB45D8: 8B 8D E8 FE FF FF              -  mov ecx,[ebp-00000118]
""+1CDB45DE: 89 4C 24 04                    -  mov [esp+04],ecx
""+1CDB45E2: 50                             -  push eax
""+1CDB45E3: E8 A8 C2 85 E9                 -  call 06610890
""+1CDB45E8: 83 C4 0C                       -  add esp,0C
}

Re: Save register address to a variable in Auto Assemble to revert the values when disabling

Posted: Mon Jan 22, 2018 2:28 pm
by Blayde
I'm not sure if this will work. :?
If you find a pointer to "original value 0.4" (mov [edi+40], 0x3c23d70a //orig: 0.4) I think I can help you.
Btw is this (0.4) the same every time you start/restart the game ?

Re: Save register address to a variable in Auto Assemble to revert the values when disabling

Posted: Mon Jan 22, 2018 2:47 pm
by mdnpascual
ye, those values are always the same. It's just different addresses and same offset against edi found on that aobscan

Re: Save register address to a variable in Auto Assemble to revert the values when disabling

Posted: Mon Jan 22, 2018 2:53 pm
by Blayde
Ok. Now search for this value (0.4) and find pointer to it (instead of what writes).

Re: Save register address to a variable in Auto Assemble to revert the values when disabling

Posted: Mon Jan 22, 2018 4:41 pm
by TheyCallMeTim13
You could use readMem for this.
Example:

Code:

define(oldBytes, 5C 0A 00 00)
	// 00000A5C
		// mov edx,[ecx+00000A5C]
define(newBytes, 60 0A 00 00)
	// 00000A60
		// mov edx,[ecx+00000A60]
define(byteLenght, 4)
////
//// ------------------------------ ENABLE ------------------------------
[ENABLE]
aobScanModule(aobManaChargeHook, game.exe, ...)
define(injManaChargeHook, aobManaChargeHook+12)
registerSymbol(injManaChargeHook)

alloc(memManaChargeHook, byteLenght)
registerSymbol(memManaChargeHook)

memManaChargeHook:
	readMem(injManaChargeHook, byteLenght) // save the bytes somewhere for later.

////
//// ---------- Injection Point ----------
injManaChargeHook:
	db newBytes // write new bytes for hook.


////
//// ------------------------------ DISABLE ------------------------------
[DISABLE]
////
//// ---------- Injection Point ----------
injManaChargeHook:
	readMem(memManaChargeHook, byteLenght) // restore old bytes that were saved.

dealloc(memManaChargeHook)
unregisterSymbol(injManaChargeHook)
unregisterSymbol(memManaChargeHook)
Just change the address from injection points to the values address and set the byte length to the size of your values.

EDIT:
Or you could use a luaCall for this:

Code:

...
[DISABLE]
...
luaCall(writeInteger('[SomeSymbolToTheValue]', readInteger('[SomeSymbolItWasSavedTo]')))
Or for a float:

Code:

...
[DISABLE]
...
luaCall(writeFloat('[SomeSymbolToTheValue]', readFloat('[SomeSymbolItWasSavedTo]')))
Just know that the Lua code will always run first in a Cheat Engine memory record.

Re: Save register address to a variable in Auto Assemble to revert the values when disabling

Posted: Mon Jan 22, 2018 6:15 pm
by sbryzl
If you don't know the original address you can record it within your codecave.

Code:

[ENABLE]

label(edipointer)
registersymbol(edipointer)

aobscan(AccANDrange,D9 47 60 8D 85 A0 FE FF FF 83 EC 04 D9 1C 24 83 EC 08)
registersymbol(AccANDrange)

alloc(newmem,$204)
//alloc(edipointer,$4)

label(code)
label(return)

newmem:
edipointer:
dq 0

code:
  mov [edipointer],edi
  mov [edipointer+4],1
  ////////
  mov [edi+50], 0x41400000  //orig: 6
  mov [edi+60], 0 //orig 1.6
  fld dword ptr [edi+60]
  lea eax,[ebp-00000160]
  jmp return

AccANDrange:
  jmp code
  nop
  nop
  nop
  nop
return:

[DISABLE]
assert(edipointer+4,1)

[edipointer]+50:
dd (float)6
[edipointer]+60:
dd (float)1.6

//mov [edipointer+50], 0x40c00000
AccANDrange:

  db D9 47 60 8D 85 A0 FE FF FF


unregistersymbol(edipointer)
unregistersymbol(AccANDrange)
dealloc(newmem)
edit: needed to comment this: mov [edipointer+50], 0x40c00000
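
One way to avoid hard-coding the original values, combining the pointer capture in the script above with the readMem idea from TheyCallMeTim13's post (an added example, not code from any poster in this thread): the hook snapshots [edi+50] and [edi+60] the first time it runs, and [DISABLE] copies them back. The hookdata symbol and its layout are assumptions for illustration, as is the premise that the hook always sees the same edi in a 32-bit target.

```asm
// Added example. Assumed hookdata layout: +0 edi, +4 flag, +8 saved [edi+50], +0C saved [edi+60]
[ENABLE]
aobscan(AccANDrange,D9 47 60 8D 85 A0 FE FF FF 83 EC 04 D9 1C 24 83 EC 08)
registersymbol(AccANDrange)
alloc(newmem,$100)
label(hookdata)
label(code)
label(apply)
label(return)
registersymbol(hookdata)
newmem:
hookdata:
  dq 0
  dq 0
code:
  cmp dword ptr [hookdata+4],0
  jne apply                        // originals were already saved on an earlier pass
  mov [hookdata],edi               // remember the structure base
  mov eax,[edi+50]                 // eax is free here: the lea below overwrites it
  mov [hookdata+8],eax
  mov eax,[edi+60]
  mov [hookdata+0C],eax
  mov dword ptr [hookdata+4],1     // mark the snapshot as valid
apply:
  mov dword ptr [edi+50],41400000
  mov dword ptr [edi+60],0
  fld dword ptr [edi+60]           // original instruction
  lea eax,[ebp-00000160]           // original instruction
  jmp return

AccANDrange:
  jmp code                         // 5 bytes
  nop
  nop
  nop
  nop                              // pad to the 9 bytes being replaced
return:

[DISABLE]
assert(hookdata+4,01 00 00 00)     // refuse to run if nothing was captured
[hookdata]+50:
  readmem(hookdata+8,4)            // write the saved dword back
[hookdata]+60:
  readmem(hookdata+0C,4)
AccANDrange:
  db D9 47 60 8D 85 A0 FE FF FF
unregistersymbol(hookdata)
unregistersymbol(AccANDrange)
dealloc(newmem)
```

Because the data sits at the start of newmem, the injection point has to jump to code rather than newmem, as in the script above.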

Re: Save register address to a variable in Auto Assemble to revert the values when disabling

Posted: Mon Jan 22, 2018 8:57 pm
by Blayde
Why you gays read this?
He/she just need one timer. So?
STN please I just want to help.
Can I just hack this gays ? (not misspelled)


Codecave?
Readmem?
Simple and stupid.

Re: Save register address to a variable in Auto Assemble to revert the values when disabling

Posted: Mon Jan 22, 2018 9:52 pm
by TheyCallMeTim13
Blayde wrote:
Mon Jan 22, 2018 8:57 pm
Why you gays read this?
He/she just need one timer. So?
STN please I just want to help.
Can I just hack this gays ? (not misspelled)
...
Are you sure, because the misuse of your singulars and plurals kinda makes it seem like misspelling would make more sense?

So just to confirm, you're just homophobic, not misspelling?

Re: Save register address to a variable in Auto Assemble to revert the values when disabling

Posted: Mon Jan 22, 2018 10:23 pm
by Blayde
TheyCallMeTim13 wrote:
Mon Jan 22, 2018 9:52 pm
Blayde wrote:
Mon Jan 22, 2018 8:57 pm
Why you gays read this?
He/she just need one timer. So?
STN please I just want to help.
Can I just hack this gays ? (not misspelled)
...
Are you sure, because the misuse of your singulars and plurals kinda makes it seem like misspelling would make more sense?

So just to confirm, you're just homophobic, not misspelling?
Try your luck in trainer / table section if you are that smart sir. ;)
Peace

Re: Save register address to a variable in Auto Assemble to revert the values when disabling

Posted: Mon Jan 22, 2018 10:53 pm
by mdnpascual
sbryzl wrote:
Mon Jan 22, 2018 6:15 pm
If you don't know the original address you can record it within your codecave.

Code:

[ENABLE]

label(edipointer)
registersymbol(edipointer)

aobscan(AccANDrange,D9 47 60 8D 85 A0 FE FF FF 83 EC 04 D9 1C 24 83 EC 08)
registersymbol(AccANDrange)

alloc(newmem,$204)
//alloc(edipointer,$4)

label(code)
label(return)

newmem:
edipointer:
dq 0

code:
  mov [edipointer],edi
  mov [edipointer+4],1
  ////////
  mov [edi+50], 0x41400000  //orig: 6
  mov [edi+60], 0 //orig 1.6
  fld dword ptr [edi+60]
  lea eax,[ebp-00000160]
  jmp return

AccANDrange:
  jmp code
  nop
  nop
  nop
  nop
return:

[DISABLE]
assert(edipointer+4,1)

[edipointer]+50:
dd (float)6
[edipointer]+60:
dd (float)1.6

//mov [edipointer+50], 0x40c00000
AccANDrange:

  db D9 47 60 8D 85 A0 FE FF FF


unregistersymbol(edipointer)
unregistersymbol(AccANDrange)
dealloc(newmem)
edit: needed to comment this: mov [edipointer+50], 0x40c00000
At first I was wondering why the game was crashing at enable, then I noticed that the jmp was changed from newmem to code. Fixed the problem and it works for all the static values I'm changing! Thank you

Re: Save register address to a variable in Auto Assemble to revert the values when disabling

Posted: Mon Jan 22, 2018 11:16 pm
by Blayde
mdnpascual wrote:
Mon Jan 22, 2018 10:53 pm
..I noticed that the jmp was changed from newmem to code. .
Your code was ok (check your second post)
NEVER put new memory under newmem. You can, but it's not a good decision. Ask the "professionals" why.

Re: Save register address to a variable in Auto Assemble to revert the values when disabling

Posted: Tue Jan 23, 2018 1:36 am
by TheyCallMeTim13
Blayde wrote:
Mon Jan 22, 2018 10:23 pm
TheyCallMeTim13 wrote:
Mon Jan 22, 2018 9:52 pm
Blayde wrote:
Mon Jan 22, 2018 8:57 pm
Why you gays read this?
He/she just need one timer. So?
STN please I just want to help.
Can I just hack this gays ? (not misspelled)
...
Are you sure, because the misuse of your singulars and plurals kinda makes it seem like misspelling would make more sense?

So just to confirm, you're just homophobic, not misspelling?
Try your luck in trainer / table section if you are that smart sir. ;)
Peace
I can only hope others can understand and answer questions as well as you.

Why avoid the questions?

Re: Save register address to a variable in Auto Assemble to revert the values when disabling

Posted: Thu Jan 25, 2018 8:57 pm
by sbryzl
Blayde wrote:
Mon Jan 22, 2018 11:16 pm
NEVER put new memory under newmem. You can, but it's not a good decision. Ask the "professionals" why.
If you think that's bad you should see what I did to Mount and Blade's skillset function.